This topic highlights important new features included in Pivotal Cloud Foundry (PCF) v2.2.

PCF Operations Manager (Ops Manager) Highlights

Ops Manager v2.2 includes the following major features:

Ops Manager API Documentation is Public

In time for the Ops Manager v2.2 release, Ops Manager API documentation is publicly accessible through docs.pivotal.io. Previously, you could only access the Ops Manager API documentation through your own Ops Manager.

Multiple Data Centers on vSphere

Ops Manager now supports multiple vSphere vCenters on a single vSphere BOSH Director tile. This allows you to spread instances across regions without having to deploy and manage multiple PCF foundations.

Selectively Deploy Tiles in Ops Manager or via an API Endpoint

You can now choose to deploy a selection of tiles rather than all tiles in Ops Manager. This feature allows you to reduce the amount of change in any given deployment, which drastically reduces deployment time.

This feature is in beta for Ops Manager, and is generally available as an API endpoint. For more information, see Triggering an install process in the Ops Manager API documentation.

Ops Manager Stores Past Manifests

Through the Ops Manager API, you can see Ops Manager’s manifest history. Manifest history is helpful for running diff commands on manifests to see changes over time.

Azure Stack is Generally Available

Pivotal officially supports Azure Stack.

Azure Stack is a hybrid cloud platform that lets you deliver Azure services from your own on-premises datacenter. For more information about Azure Stack, see What is Azure Stack? from the Microsoft Azure documentation.

Ops Manager Supports Azure China

Ops Manager now supports a special region in Azure called Azure China. Azure China is a physically separated instance of cloud services that is located in China and independently operated. For more information about Azure China, see What is Azure China 21Vianet? in the Azure China documentation.

Ops Manager Credentials Stored in CredHub

For even greater security, Ops Manager sends user-specified credentials to BOSH CredHub on each deployment. For more information about where Ops Manager-specific credentials are stored, see BOSH CredHub.

Secret Text Areas

When a user enters text into a secret text area and clicks Save, the Ops Manager UI replaces the text with an *. Additionally, users of the Ops Manager API cannot retrieve text entered in secret text areas. Ops Manager stores this text in CredHub.

Tile authors can mark a text area as secret by setting type: secret and display_type: text_area in the property blueprint for their tile.

Specify a Custom Trusted SSL Certificate

Operators can specify a custom trusted SSL certificate and key for the Ops Manager server so that traffic isn’t exposed to man-in-the-middle attacks when using Ops Manager.

By default, Ops Manager uses an auto-generated self-signed certificate. To change this configuration to your own SSL certificate, go to Settings from the Ops Manager Installation Dashboard and select the SSL Certificate pane. For more information about Ops Manager settings, see Settings Page in the Understanding the Ops Manager Interface topic.

Configure an Ops Manager Syslog Server

You can configure a syslog server for Ops Manager logs. Logs include Rails production logs, audit logs, UAA logs, nginx logs, and upstart logs for Ops Manager processes. Before this change, Ops Manager logs were not centralized in one accessible location. You also have the option to TLS-encrypt your logs.

For more information about configuring syslog for Ops Manager, see Settings Page in the Understanding the Ops Manager Interface topic.

Custom Identification Tags Supported

If you have more than one PCF foundation, identification tags allow you to easily identify which foundation your VMs belong to when viewing your IaaS. You are able to set custom Identification Tags in the Director Config pane of your BOSH Director tile.

BOSH DNS Enabled By Default

BOSH DNS is enabled for both app containers and PCF components in v2.2. In previous versions, Consul managed service discovery between PCF components, but Consul is being replaced by BOSH DNS. BOSH DNS lets app containers and PCF components look up services with the BOSH DNS service discovery mechanism. To support BOSH DNS, the Ops Manager Director colocates a BOSH DNS server on every deployed VM. This does not negatively impact performance.

Note: In PCF v2.2, Consul and BOSH DNS are both available in PCF, but BOSH DNS is the only service used for DNS requests.

BOSH DNS is enabled by default. You can disable BOSH DNS if instructed to do so by Pivotal support. From the Ops Manager installation dashboard, click the Ops Manager tile. In the Director Config tab, select the Disable BOSH DNS server for troubleshooting purposes option.

WARNING: Do not disable BOSH DNS without instructions from Pivotal support. Disabling BOSH DNS will also disable PKS, NSX-T, and several PAS features. If you disabled BOSH DNS in PCF v2.1, reenable it before upgrading to PCF v2.2.

Change Log Includes Products Deployed but Unchanged

The Change Log pane lists products as Unchanged when they remain deployed, but their configuration has not changed from a prior deployment, so Ops Manager did not re-deploy them.

Pivotal Application Service (PAS) Highlights

More Secure Cipher Suites for CF SSH

For greater security, the SSH proxy now accepts a narrower range of ciphers, MACs, and key exchanges when you call cf ssh from the CF CLI.

Unversioned S3 Buckets for Backups

PAS can now back up unversioned S3 buckets used for external file storage, saving backup artifacts to separate, dedicated backup buckets. For more information, see the External or S3 Filestore section of the PAS installation topic for your IaaS.

Gorouter Logging Changes for GDPR Compliance

You can now disable logging of client IP addresses in the Gorouter to comply with the General Data Protection Regulation (GDPR).

Breaking Change: Before enabling RFC 3339 format for Diego logs, ensure that your log aggregation system anticipates the timestamp format change. If you experience issues, you can disable RFC 3339 format in the PAS tile.
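
An added example (not from the PCF documentation): a log-pipeline helper that accepts both timestamp forms, so that enabling RFC 3339 does not break ingestion or event ordering. It assumes JSON log lines with a `timestamp` field and that the value before the change is epoch seconds with a fractional part; the sample lines are constructed.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Assumed pre-change form: epoch seconds, optional fraction ("1529530809.689946890").
_EPOCH = re.compile(r"^(\d+)(?:\.(\d+))?$")
# RFC 3339 date-time with "Z" or a numeric offset ("2018-06-20T21:40:09.68Z").
_RFC3339 = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d+))?([Zz]|[+-]\d{2}:\d{2})$"
)

def _micros(frac):
    """Truncate a fractional-second digit string to microseconds."""
    return int((frac or "0")[:6].ljust(6, "0"))

def parse_timestamp(value):
    """Return an aware UTC datetime for either timestamp form."""
    value = str(value).strip()
    m = _EPOCH.match(value)
    if m:
        base = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        return base + timedelta(microseconds=_micros(m.group(2)))
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    zone = m.group(8)
    if zone in ("Z", "z"):
        offset = timedelta(0)
    else:
        sign = 1 if zone[0] == "+" else -1
        offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[4:6]))
    local = datetime(y, mo, d, h, mi, s, _micros(m.group(7)), tzinfo=timezone(offset))
    return local.astimezone(timezone.utc)

def normalise(line):
    """Parse one JSON log line and rewrite its timestamp as UTC ISO 8601."""
    record = json.loads(line)
    record["timestamp"] = parse_timestamp(record["timestamp"]).isoformat()
    return record

# Constructed sample lines, not captured from a real foundation.
SAMPLES = [
    '{"timestamp":"1529530809.689946890","source":"rep","message":"rep.started"}',
    '{"timestamp":"2018-06-20T21:40:09.689946890Z","source":"rep","message":"rep.started"}',
]
```

Rejecting unrecognised values with an error, rather than passing them through, keeps a silent format change from producing mis-ordered or undated events in the aggregator.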

Service Discovery for Container-to-Container Networking Enabled By Default

In PAS v2.1, service discovery for container-to-container networking was an experimental feature that you could opt in to use. In PAS v2.2, this feature is enabled by default, and you can opt out of using it.

For more information about disabling service discovery for container-to-container networking, see the Configure Application Developer Controls section of the PAS installation topic for your IaaS.

DNS Search Domains

PAS v2.2 allows you to configure the DNS search domains used in containers by entering a comma-separated list.

Loggregator Introduces Log Cache

Loggregator adds an in-memory caching layer for logs and metrics and provides a RESTful interface for retrieving them. Unlike the cf logs APP-NAME --recent command, Log Cache gives you queryable, filterable data when you use it to retrieve recent logs for your apps.